Prevent an attempt to allocate an excessive amount of memory when dumping the symbols in a malformed file.

	PR 24707
	* objdump.c (slurp_symtab): Fail with a helpful error message if
	the symbol table is too large.

2 files changed, 22 insertions, 1 deletions

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 07c8bb6..e9f83e6 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2019-06-28  Nick Clifton  <nickc@redhat.com>
+
+	PR 24707
+	* objdump.c (slurp_symtab): Fail with a helpful error message if
+	the symbol table is too large.
+
 2019-06-26  Nick Clifton  <nickc@redhat.com>
 
 	PR 24703
diff --git a/binutils/objdump.c b/binutils/objdump.c
index 7a4e7e4..32e6f24 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -704,7 +704,22 @@ slurp_symtab (bfd *abfd)
       bfd_fatal (_("error message was"));
     }
   if (storage)
-    sy = (asymbol **) xmalloc (storage);
+    {
+      off_t filesize = bfd_get_file_size (abfd);
+
+      /* qv PR 24707.  */
+      if (filesize > 0 && filesize < storage)
+	{
+	  bfd_nonfatal_message (bfd_get_filename (abfd), abfd, NULL,
+				_("error: symbol table size (%#lx) is larger than filesize (%#lx)"),
+			storage, (long) filesize);
+	  exit_status = 1;
+	  symcount = 0;
+	  return NULL;
+	}
+
+      sy = (asymbol **) xmalloc (storage);
+    }
 
   symcount = bfd_canonicalize_symtab (abfd, sy);
   if (symcount < 0)